Logo Search packages:      
Sourcecode: libgnucrypto-java version File versions  Download package


package gnu.crypto.key.srp6;

// ----------------------------------------------------------------------------
// $Id: SRP6TLSServer.java,v 1.3 2005/10/06 04:24:16 rsdio Exp $
// Copyright (C) 2003 Free Software Foundation, Inc.
// This file is part of GNU Crypto.
// GNU Crypto is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2, or (at your option)
// any later version.
// GNU Crypto is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; see the file COPYING.  If not, write to the
//    Free Software Foundation Inc.,
//    51 Franklin Street, Fifth Floor,
//    Boston, MA 02110-1301
//    USA
// Linking this library statically or dynamically with other modules is
// making a combined work based on this library.  Thus, the terms and
// conditions of the GNU General Public License cover the whole
// combination.
// As a special exception, the copyright holders of this library give
// you permission to link this library with independent modules to
// produce an executable, regardless of the license terms of these
// independent modules, and to copy and distribute the resulting
// executable under terms of your choice, provided that you also meet,
// for each linked independent module, the terms and conditions of the
// license of that module.  An independent module is a module which is
// not derived from or based on this library.  If you modify this
// library, you may extend this exception to your version of the
// library, but you are not obligated to do so.  If you do not wish to
// do so, delete this exception statement from your version.
// ----------------------------------------------------------------------------

import gnu.crypto.Registry;
import gnu.crypto.key.KeyAgreementException;
import gnu.crypto.key.OutgoingMessage;
import gnu.crypto.key.IncomingMessage;
import gnu.crypto.sasl.srp.SRP;
import gnu.crypto.sasl.srp.SRPAuthInfoProvider;
import gnu.crypto.sasl.srp.SRPRegistry;
import gnu.crypto.util.Util;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

 * <p>A variation of the SRP6 key agreement protocol, for the server-side as
 * proposed in
 * <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using
 * SRP for TLS Authentication</a>. The only difference between it and the SASL
 * variant is that the shared secret is the entity <code>S</code> and not
 * <code>H(S)</code>.</p>
 * @version $Revision: 1.3 $
00072 public class SRP6TLSServer extends SRP6KeyAgreement {

   // Constants and variables
   // -------------------------------------------------------------------------

   /** The user's ephemeral key pair. */
00078    private KeyPair hostKeyPair;

   /** The SRP password database. */
00081    private SRPAuthInfoProvider passwordDB;

   // Constructor(s)
   // -------------------------------------------------------------------------

   // default 0-arguments constructor

   // Class methods
   // -------------------------------------------------------------------------

   // Instance methods
   // -------------------------------------------------------------------------

   // implementation of abstract methods in base class ------------------------

   protected void engineInit(final Map attributes) throws KeyAgreementException {
      rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);

      final String md = (String) attributes.get(HASH_FUNCTION);
      if (md == null || "".equals(md.trim())) {
         throw new KeyAgreementException("missing hash function");
      srp = SRP.instance(md);

      passwordDB = (SRPAuthInfoProvider) attributes.get(HOST_PASSWORD_DB);
      if (passwordDB == null) {
         throw new KeyAgreementException("missing SRP password database");

   protected OutgoingMessage engineProcessMessage(final IncomingMessage in)
   throws KeyAgreementException {
      switch (step) {
      case 0:  return sendParameters(in);
      case 1:  return computeSharedSecret(in);
      default: throw new IllegalStateException("unexpected state");

   protected void engineReset() {
      hostKeyPair = null;

   // own methods -------------------------------------------------------------

   private OutgoingMessage sendParameters(final IncomingMessage in)
   throws KeyAgreementException {
      final String I = in.readString();

      // get s and v for user identified by I
      // ----------------------------------------------------------------------
      final Map credentials;
      try {
         final Map userID = new HashMap();
         userID.put(Registry.SASL_USERNAME,    I);
         userID.put(SRPRegistry.MD_NAME_FIELD, srp.getAlgorithm());
         credentials = passwordDB.lookup(userID);
      } catch (IOException x) {
         throw new KeyAgreementException("computeSharedSecret()", x);

      final BigInteger s = new BigInteger(1, Util.fromBase64(
            (String) credentials.get(SRPRegistry.SALT_FIELD)));
      final BigInteger v = new BigInteger(1, Util.fromBase64(
            (String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD)));

      final Map configuration;
      try {
         final String mode = (String) credentials.get(SRPRegistry.CONFIG_NDX_FIELD);
         configuration = passwordDB.getConfiguration(mode);
      } catch (IOException x) {
         throw new KeyAgreementException("computeSharedSecret()", x);

      N = new BigInteger(1, Util.fromBase64(
            (String) configuration.get(SRPRegistry.SHARED_MODULUS)));
      g = new BigInteger(1, Util.fromBase64(
            (String) configuration.get(SRPRegistry.FIELD_GENERATOR)));
      // ----------------------------------------------------------------------

      // generate an ephemeral keypair
      final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator();
      final Map attributes = new HashMap();
      if (rnd != null) {
         attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd);
      attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N);
      attributes.put(SRPKeyPairGenerator.GENERATOR,      g);
      attributes.put(SRPKeyPairGenerator.USER_VERIFIER,  v);
      hostKeyPair = kpg.generate();

      final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY();

      final OutgoingMessage result = new OutgoingMessage();

      return result;

   protected OutgoingMessage computeSharedSecret(final IncomingMessage in)
   throws KeyAgreementException {
      final BigInteger A = in.readMPI();

      final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY();
      final BigInteger u = uValue(A, B); // u = H(A | B)

      // compute S = (Av^u) ^ b
      final BigInteger b = ((SRPPrivateKey) hostKeyPair.getPrivate()).getX();
      final BigInteger v = ((SRPPrivateKey) hostKeyPair.getPrivate()).getV();
      final BigInteger S = A.multiply(v.modPow(u, N)).modPow(b, N);

      K = S;

      complete = true;
      return null;

Generated by  Doxygen 1.6.0   Back to index